
FIGURE 1 



FIGURE 2A 



Question 45 

Are servers in production DMZs hardened with an approved hardening script to 
within 5% of compliance? 

Yes No 

Question 46 

Are servers in production DMZs hardened with an approved hardening script to 
within 1% of compliance? 

Yes No 

Question 47 

Are production DMZ servers managed through a console protected with approved 
cryptography? 

Yes No 

FIGURE 2B 

Question 33 

Are approved controls in place to ensure changes to production systems are 
managed and documented to within 1% of compliance? 



Yes No 
<xota> 
<trust_agent> John Q. Public 222-32003 </trust_agent> 
<standard> ISO 17799-ABCDE </standard> 
<score> 6.7.19.22.8.5.9.4.2.5.6.x.x.x.x.x.x.x.x.x </score> 
<raw> CACEADD9F7BFF7FDFF7B6D90E7D8CA04106C8B70 </raw> 
<org> O=EXAMPLE ORG; C=US; OU=BANKING; CN=CCU_APP </org> 
<includes> OU=BANKING </includes> 
<excludes> NONE </excludes> 
<date> 20020103101411.2Z </date> 
</xota> 

FIGURE 4B 

Answers to Questions: 

YYNNYNYNNYNY 

Binary Score: 

110010100101 

Hex: 
CA5 



FIGURE 4C 

Answers to Questions: 

(YY = Yes, Assessed; NY = No, Assessed; NN = No, Not Assessed; YN = forbidden state) 
YY YY NY NY YY NN YY NN NN YY NY YY 

Binary Score: 

111101011100110000110111 

Hex: 

F5CC37 
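
The encoding shown in Figures 4B and 4C, as an added Python example that is not part of the original figures. The function names are hypothetical, and the bit mapping (Y = 1, N = 0, first answer in the most significant bit) is an assumption inferred from the figures' own values.

```python
# Added example; function names are hypothetical, not from the source figures.
# Assumption (consistent with Figures 4B/4C): Y -> 1, N -> 0, first answer is
# the most significant bit, and hex digits are left-padded to cover every bit.

FORBIDDEN = "YN"  # "Yes" on a control that was never assessed (Figure 4C legend)


def encode_answers(answers: str) -> str:
    """Figure 4B: one Y/N per question -> hex score."""
    answers = "".join(answers.split()).upper()
    if not answers or set(answers) - {"Y", "N"}:
        raise ValueError("answers must contain only Y and N")
    bits = answers.translate(str.maketrans("YN", "10"))
    width = (len(bits) + 3) // 4          # hex digits needed for all bits
    return format(int(bits, 2), f"0{width}X")


def encode_assessed(answers: str) -> str:
    """Figure 4C: two letters per question (answer, assessed) -> hex score."""
    pairs = answers.upper().split()
    for number, pair in enumerate(pairs, start=1):
        if len(pair) != 2:
            raise ValueError(f"question {number}: expected two letters, got {pair!r}")
        if pair == FORBIDDEN:
            raise ValueError(f"question {number}: YN is a forbidden state")
    return encode_answers("".join(pairs))


def decode_assessed(score: str, questions: int) -> list[str]:
    """Reverse Figure 4C and reject scores that carry a forbidden pair."""
    bits = format(int(score, 16), f"0{len(score) * 4}b")[-2 * questions:]
    bits = bits.zfill(2 * questions)
    pairs = [bits[i:i + 2].translate(str.maketrans("10", "YN"))
             for i in range(0, len(bits), 2)]
    if FORBIDDEN in pairs:
        raise ValueError("score encodes a forbidden YN state")
    return pairs
```

Rejecting the YN pair on both encode and decode keeps a score from recording a "Yes" for a control that was never assessed.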
<xota_instream> 
<standard> XYZ-12345 </standard> 
<account> 43925430985-2300 </account> 
<avgbalance> 0000031415.60 </avgbalance> 
<start> 19870103183000.0Z </start> 
<end> </end> 
</xota_instream> 

Assertion OK; 
Transaction scope request 

<CTA_TEMPLATE> 
<SCOPE> 
<ORG:> O=example.org; C=france; OU=abc division </ORG:> 
<IN:> OU=abc division </IN:> 
<EX:> OU=abc division; CN=call center </EX:> 
</SCOPE> 
<STANDARD> ISO17799-ABC </STANDARD> 
<SCORE> 
<CATEGORY> 3.x.x.x.4.4.x.x.x.x </CATEGORY> 
<RAW> 
<ADD> 402 </ADD> 
<DEL> 800 </DEL> 
</RAW> 
</SCORE> 
<ISSUER> O=example.org; C=USA; CN=CISO Office </ISSUER> 
<ISSUE_DATE> 20030327233230.0Z </ISSUE_DATE> 
<EXPIRE_DATE> 20030527235959.9Z </EXPIRE_DATE> 
</CTA_TEMPLATE> 

S=ISO17799-ABCDE ; 

C=10.17.31.30.10.9.9.11.7.11.19.15.x.x.x.x.x.x.x.x 
1=3.1. Lb; 

Yes=; 

No=LogException ; 
No=eMailSandy ; 
Assessed= ; 

NotAssessed=LogException ; 
1=3.1. Lb ; 

Yes= /usr/bin/a/scr/91 l.pl; 
No=; 

Assessed= ; 
Not Assessed= ; 
1=3.1. l.c ; 

Yes=; 

No= LogException ; 
Assessed= ; 

Not Assessed= PageBob ; 



E=ISO17799-ABCDE ; 